From e9fedf3e5cd63aea4da7a71f6647ee427c62fa49 Mon Sep 17 00:00:00 2001
From: Frederic Guillot <fred@kanboard.net>
Date: Sat, 5 Dec 2015 20:31:27 -0500
Subject: Rewrite of the authentication and authorization system

---
 app/Controller/Customfilter.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/Controller/Customfilter.php')

diff --git a/app/Controller/Customfilter.php b/app/Controller/Customfilter.php
index d6863103..ef75a837 100644
--- a/app/Controller/Customfilter.php
+++ b/app/Controller/Customfilter.php
@@ -137,7 +137,7 @@ class Customfilter extends Base
     {
         $user_id = $this->userSession->getId();
 
-        if ($filter['user_id'] != $user_id && (! $this->projectPermission->isManager($project['id'], $user_id) || ! $this->userSession->isAdmin())) {
+        if ($filter['user_id'] != $user_id && ($this->projectUserRole->getUserRole($project['id'], $user_id) === Role::PROJECT_MANAGER || ! $this->userSession->isAdmin())) {
             $this->forbidden();
         }
     }
-- 
cgit v1.2.3